What to expect in Lagoon 1.3.0

Lagoon 1.3.0 Release Graphic

Lagoon 1.3.0 will be released soon! Changes will include improvements to our testing setup and some necessary image updates and removals foreshadowed in Lagoon 1.2.0.

Headline items:

  • Incorporating the security release v1.2.1
  • Self-service SSH key updating in the UI
  • Much better timeframe-based Cronjob allocation
  • Image deprecations for PHP 5.6, 7.0 and 7.1, NodeJS 6, 8 and 9
  • Upstream alpine and minor version image pinning for predictability
  • Release (and incorporation) of the brand new amazee.io database-as-a-service operator
  • Billing automation
  • Documentation super-overhaul

API & Authentication Subsystem

The biggest addition here is the ability to self-manage your SSH keys within the Lagoon UI. Please note that currently, this feature is only for users who already have SSH keys (we’re working on being able to load keys for a new user — stay tuned!) There is also a long-overdue PR to fix the deletion of environments that no longer match the branch regex and one to speed up keycloak/auth performance further.

Build & Deploy Subsystem

This release brings the ability to modify the point at which a cronjob is run within a CLI pod, or as a separate cronjob. Depending on the frequency of the cronjob, this can have an impact on the underlying platform: frequent crons should run in CLI, and keep the CLI pod unidled to avoid unnecessary restarts, whereas infrequent cronjobs can run in their own cronjob pods, which will avoid some unnecessary churn when starting and stopping those pods frequently. Another issue has been remedied, where sites with NewRelic enabled were experiencing issues with cronjob pods starting up. The verbosity in build logs has also been reduced, which should make debugging a bit easier!

Logging & Reporting Subsystem

Adding the SQL plugin to our Lagoon ElasticSearch instances will allow us more flexibility in being able to query and export data from ElasticSearch into our other monitoring tools, helper services and automation.

Operators & Provisioning Subsystem

Here amazee.io has added support for its brand new database-as-a-service (DBaaS) operator, in place of the current Ansible Service Broker. This new operator will take charge of the provisioning of the underlying databases for projects hosted on Lagoon. It currently supports MariaDB, but work is underway to support a wider range of database types (PostgreSQL, MongoDB and others). Work is underway on the operator at https://github.com/amazeeio/dbaas-operator, and this will form a template as we migrate to more operators over the coming months — stay tuned!

Base Images & Testing Subsystem

The most noticeable changes here are in the Images available via our Docker Hub (https://hub.docker.com/u/amazeeio). As foreshadowed last release (1.2.0), we are no longer creating images for deprecated versions of PHP (5.6, 7.0 and 7.1) and NodeJS (6, 8, 9), and no longer testing Lagoon against those versions. The :latest tags for each of those images will continue to be served, but will be permanently “locked” to the 1.2.0 release of Lagoon. We recommend that anyone still using these versions should look to upgrade ASAP.

In addition, we have implemented stricter versioning for our upstream Alpine images. Previously, the majority of our images were tied to the “:latest” Alpine release, unless there was a specific incompatibility that required us to pin to an earlier version.

In Lagoon 1.3.0 we have explicitly pinned all the upstream source images we can to Alpine 3.11 (for those that have alpine-specific variants) and minor releases for those that don’t (i.e. Postgres 11.6). This has been done to establish a level of predictability in our image supply chain. Where we have images that can’t yet utilise Alpine 3.11, we will look to upgrade them and resolve incompatibilities over the coming releases.

As per the release cycle (https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases), Alpine 3.8 will remain supported for security fixes until May 2020. We will discuss the image supply chain in an upcoming blog post in more detail.

We’ve also been hard at work in the testing and image space. Now that our test suites run faster and more parallel, we uncovered a lot of dependency, timing and concurrency issues. With these fixes in place, we can get a full test run of Lagoon undertaken in less than an hour!

Documentation & Examples / DX Subsystem

Alanna Burke joined the amazee.io team last month (welcome Alanna!) and has been hard at work giving our documentation some much-needed attention — she’s finished a couple of major edit overhauls already, with more impressive stuff to come!

Automation, Services & Helpers Subsystem

The billing process has lived too long in a complex and occasionally convoluted series of spreadsheets, making it almost invisible to end-users and customers., (h/t to https://shouldthisbeaspreadsheet.com/). Justin Winter has done some incredible behind-the-scenes work to get near real-time data on project usage and utilisation to the amazee.io team.

One other area of improvement in this space is with the auto-idler. We’ve improved how it handles multiple Lagoon clusters and enhances the logic in detecting whether an environment is suitable for idling (based on running processes and last access time).

Sean Hamlin has also been developing a script to aid with database migrations across shared database clusters. As the number of sites hosted on Lagoon has grown, so has our understanding of the specific requirements of hosting Drupal sites at scale. As we continue to fine-tune our parameters and limits, the ability to migrate sites effortlessly (and invisibly) is massively important.

Security Subsystem

We’ve done some work updating the default SSL cipher suites provisioned to Lagoon instances, conforming better to the different established internet standards, and allowing for selectability (https://wiki.mozilla.org/Security/Server_Side_TLS). There will be more movement in this space as http/2 becomes available across the various amazee.io clusters around the world!

Questions? Comments? Feature or contribution ideas? Get in touch today!